Actions
Bug #5644
closedInteger overflow at dcerpc.rs:846
Affected Versions:
Effort:
medium
Difficulty:
medium
Label:
Description
Hello there! I found panic at dcerps.rs:846 (attempt to subtract with overflow) during fuzz testing with AFL++.
Trace:
Reading 65564 bytes from overflow_crash thread '<unnamed>' panicked at 'attempt to subtract with overflow', src/dcerpc/dcerpc.rs:846:30 stack backtrace: 0: 0x5652142438ed - std::backtrace_rs::backtrace::libunwind::trace::h9135f25bc195152c at /rustc/a55dd71d5fb0ec5a6a3a9e8c27b2127ba491ce52/library/std/src/../../backtrace/src/backtrace/libunwind.rs:93:5 1: 0x5652142438ed - std::backtrace_rs::backtrace::trace_unsynchronized::h015ee85be510df51 at /rustc/a55dd71d5fb0ec5a6a3a9e8c27b2127ba491ce52/library/std/src/../../backtrace/src/backtrace/mod.rs:66:5 2: 0x5652142438ed - std::sys_common::backtrace::_print_fmt::h5fad03caa9652a2c at /rustc/a55dd71d5fb0ec5a6a3a9e8c27b2127ba491ce52/library/std/src/sys_common/backtrace.rs:66:5 3: 0x5652142438ed - <std::sys_common::backtrace::_print::DisplayBacktrace as core::fmt::Display>::fmt::h2b42ca28d244e5c7 at /rustc/a55dd71d5fb0ec5a6a3a9e8c27b2127ba491ce52/library/std/src/sys_common/backtrace.rs:45:22 4: 0x56521429dddc - core::fmt::write::h401e827d053130ed at /rustc/a55dd71d5fb0ec5a6a3a9e8c27b2127ba491ce52/library/core/src/fmt/mod.rs:1198:17 5: 0x5652142351a1 - std::io::Write::write_fmt::hffec93268f5cde32 at /rustc/a55dd71d5fb0ec5a6a3a9e8c27b2127ba491ce52/library/std/src/io/mod.rs:1672:15 6: 0x565214246605 - std::sys_common::backtrace::_print::h180c4c706ee1d3fb at /rustc/a55dd71d5fb0ec5a6a3a9e8c27b2127ba491ce52/library/std/src/sys_common/backtrace.rs:48:5 7: 0x565214246605 - std::sys_common::backtrace::print::hd0c35d18765761c9 at /rustc/a55dd71d5fb0ec5a6a3a9e8c27b2127ba491ce52/library/std/src/sys_common/backtrace.rs:35:9 8: 0x565214246605 - std::panicking::default_hook::{{closure}}::h1f023310983bc730 at /rustc/a55dd71d5fb0ec5a6a3a9e8c27b2127ba491ce52/library/std/src/panicking.rs:295:22 9: 0x565214246321 - std::panicking::default_hook::h188fec3334afd5be at /rustc/a55dd71d5fb0ec5a6a3a9e8c27b2127ba491ce52/library/std/src/panicking.rs:314:9 10: 0x565214246c26 - std::panicking::rust_panic_with_hook::hf26e9d4f97b40096 at /rustc/a55dd71d5fb0ec5a6a3a9e8c27b2127ba491ce52/library/std/src/panicking.rs:698:17 11: 0x565214246ad9 - std::panicking::begin_panic_handler::{{closure}}::hfab912107608087a at /rustc/a55dd71d5fb0ec5a6a3a9e8c27b2127ba491ce52/library/std/src/panicking.rs:586:13 12: 0x565214243de4 - std::sys_common::backtrace::__rust_end_short_backtrace::h434b685ce8d9965b at /rustc/a55dd71d5fb0ec5a6a3a9e8c27b2127ba491ce52/library/std/src/sys_common/backtrace.rs:138:18 13: 0x565214246849 - rust_begin_unwind at /rustc/a55dd71d5fb0ec5a6a3a9e8c27b2127ba491ce52/library/std/src/panicking.rs:584:5 14: 0x56521386e163 - core::panicking::panic_fmt::ha6dc7f2ab2479463 at /rustc/a55dd71d5fb0ec5a6a3a9e8c27b2127ba491ce52/library/core/src/panicking.rs:142:14 15: 0x56521386e02d - core::panicking::panic::hb3ad04c589a0e3c8 at /rustc/a55dd71d5fb0ec5a6a3a9e8c27b2127ba491ce52/library/core/src/panicking.rs:48:5 16: 0x565213cdce2d - suricata::dcerpc::dcerpc::DCERPCState::handle_common_stub::h4582d3f0e52da7ee 17: 0x565213cdd993 - suricata::dcerpc::dcerpc::DCERPCState::process_request_pdu::h9153bc7e54afe93b 18: 0x565213cdec03 - suricata::dcerpc::dcerpc::DCERPCState::handle_input_data::hd75d9953d62354c8 19: 0x565213cdffda - rs_dcerpc_parse_request 20: 0x56521387752c - AppLayerParserParse at /fuzz/suricata-7.0.0-beta1/src/app-layer-parser.c:1374:30 21: 0x56521386f28a - LLVMFuzzerTestOneInput at /fuzz/suricata-7.0.0-beta1/src/tests/fuzz/fuzz_applayerparserparse.c:198:16 22: 0x56521386ec5e - ExecuteFilesOnyByOne 23: 0x56521386ea69 - LLVMFuzzerRunDriver 24: 0x56521386e649 - main 25: 0x7fb80cc33d90 - <unknown> 26: 0x7fb80cc33e40 - __libc_start_main 27: 0x56521386e4b5 - _start 28: 0x0 - <unknown> fatal runtime error: failed to initiate panic, error 5
Build info:
This is Suricata version 7.0.0-beta1 RELEASE Features: DEBUG DEBUG_VALIDATION PCAP_SET_BUFF AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK PCRE_JIT HAVE_NSS HTTP2_DECOMPRESSION HAVE_LIBJANSSON TLS TLS_C11 MAGIC RUST SIMD support: none Atomic intrinsics: 1 2 4 8 byte(s) 64-bits, Little-endian architecture GCC version Ubuntu Clang 14.0.6, C version 201112 compiled with _FORTIFY_SOURCE=0 L1 cache line size (CLS)=64 thread local storage method: _Thread_local compiled with LibHTP v0.5.41, linked against LibHTP v0.5.41 Suricata Configuration: AF_PACKET support: yes DPDK support: no eBPF support: no XDP support: no PF_RING support: no NFQueue support: no NFLOG support: no IPFW support: no Netmap support: no DAG enabled: no Napatech enabled: no WinDivert enabled: no Unix socket enabled: yes Detection enabled: yes Libmagic support: yes libjansson support: yes hiredis support: no hiredis async with libevent: no PCRE jit: yes LUA support: no libluajit: no GeoIP2 support: no Non-bundled htp: no Hyperscan support: no Libnet support: yes liblz4 support: yes Landlock support: yes Rust support: yes Rust strict mode: no Rust compiler path: /etc/cargo/bin/rustc Rust compiler version: rustc 1.64.0 (a55dd71d5 2022-09-19) Cargo path: /etc/cargo/bin/cargo Cargo version: cargo 1.64.0 (387270bc7 2022-09-16) Python support: yes Python path: /usr/bin/python3 Install suricatactl: yes Install suricatasc: yes Install suricata-update: yes Profiling enabled: no Profiling locks enabled: no Plugin support (experimental): yes Development settings: Coccinelle / spatch: no Unit tests enabled: no Debug output enabled: yes Debug validation enabled: yes Fuzz targets enabled: yes Generic build parameters: Installation prefix: /usr/local Configuration directory: /usr/local/etc/suricata/ Log directory: /usr/local/var/log/suricata/ --prefix /usr/local --sysconfdir /usr/local/etc --localstatedir /usr/local/var --datarootdir /usr/local/share Host: x86_64-pc-linux-gnu Compiler: afl-clang-fast (exec name) / afl-clang-fast++ (real) GCC Protect enabled: no GCC march native enabled: no GCC Profile enabled: no Position Independent Executable enabled: no CFLAGS -g -O2 -fPIC -std=c11 -I${srcdir}/../rust/gen -I${srcdir}/../rust/dist PCAP_CFLAGS -I/usr/include SECCFLAGS
Files
Updated by Victor Julien about 2 years ago
- Target version changed from 7.0.0-beta1 to 7.0.0-rc1
- Label Needs backport to 6.0 added
Updated by Shivani Bhardwaj about 2 years ago
- Label deleted (
Needs backport to 6.0, Rust)
Updated by Victor Julien about 2 years ago
- Status changed from New to Closed
Updated by Victor Julien about 2 years ago
- Assignee changed from OISF Dev to Philippe Antoine
Actions